# Worker processes run as the unprivileged www-data account; the master
# process is what opens listening sockets and reads TLS key files.
user www-data;
# One worker per detected CPU core.
worker_processes auto;
# File where the master process writes its PID.
pid /run/nginx.pid;
# Pulls in per-module config snippets from modules-enabled.
# NOTE(review): the stream {} block in this file presumably depends on the
# stream module being loaded through this include - confirm on the target host.
include /etc/nginx/modules-enabled/*.conf;

# Connection-processing settings shared by all workers.
events {
        # Upper bound on simultaneous connections per worker. Proxied stream
        # sessions use a client-side and an upstream-side connection each.
        worker_connections 768;
        # multi_accept on;
}

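# HTTP-context defaults for the virtual hosts included at the bottom.
# The ssl_* directives here belong to the HTTP SSL module only; the stream {}
# context does not inherit them and needs its own TLS settings.
http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # Uncomment to stop advertising the nginx version in the Server header
        # and on generated error pages.
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from
        # this list; SSLv3 stays disabled (POODLE). Clients must negotiate
        # TLSv1.2 or newer.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        # NOTE(review): compressing TLS responses that reflect request data
        # next to secrets is the precondition for BREACH-style side channels;
        # confirm that none of the included virtual hosts serve such pages.
        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}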

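# TLS-terminating TCP proxies: each server accepts TLS on an external address
# and forwards the decrypted byte stream to the same port on loopback.
# NOTE(review): this only protects the APIs if the backend services bind to
# 127.0.0.1 alone - confirm in each service's own configuration.
# NOTE(review): no access_log is defined in this context, so these
# connections are not recorded by nginx, and the backends see 127.0.0.1 as the
# peer address - confirm that client addresses are captured somewhere.
stream {
    # Certificate and key shared by every listener below (paths are Jinja2
    # template variables filled in at deploy time).
    # NOTE(review): the key variable name ends in "_key_master" while the
    # certificate variable ends in "_master" - confirm it is not a typo, and
    # that the rendered key file is readable by root only.
    ssl_certificate     "/etc/apache2/{{ server_ssl_pem_master }}";
    ssl_certificate_key "/etc/apache2/{{ server_ssl_pem_master_key_master }}";

    # The ssl_protocols line in http {} does not apply to this context, so the
    # stream module's own default would be used. Set the list explicitly to
    # keep the deprecated TLSv1 / TLSv1.1 (RFC 8996) off these API endpoints.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Image service API
    upstream glance-api {
        server 127.0.0.1:9292;
    }
    server {
        listen     {{ inventory_hostname }}:9292 ssl;
        proxy_pass glance-api;
    }

    # Compute API
    upstream nova-api {
        server 127.0.0.1:8774;
    }
    server {
        listen {{ inventory_hostname }}:8774 ssl;
        proxy_pass nova-api;
    }

    # Compute metadata API
    upstream nova-metadata-api {
        server 127.0.0.1:8775;
    }
    server {
        listen {{ inventory_hostname }}:8775 ssl;
        proxy_pass nova-metadata-api;
    }

    # Placement API
    upstream placement-api {
        server 127.0.0.1:8778;
    }
    server {
        listen {{ inventory_hostname }}:8778 ssl;
        proxy_pass placement-api;
    }

    # Console proxy
    upstream novncproxy {
        server 127.0.0.1:6080;
    }
    server {
        listen {{ inventory_hostname }}:6080 ssl;
        proxy_pass novncproxy;
    }

    # Networking API
    upstream neutron-api {
        server 127.0.0.1:9696;
    }
    server {
        listen {{ inventory_hostname }}:9696 ssl;
        proxy_pass neutron-api;
    }

    # Block storage API
    upstream cinder-api {
        server 127.0.0.1:8776;
    }
    server {
        # NOTE(review): this is the only listener bound to
        # openstack_master_ip; every other one uses inventory_hostname.
        # Confirm the different bind address is intentional.
        listen {{ openstack_master_ip }}:8776 ssl;
        proxy_pass cinder-api;
    }
}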
